Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [aont]

AONT is an acronym for an all-or-nothing transform. An AONT is used in combination with encryption and it indicates that all of the ciphertext needs to be known to be able to decrypt.

More information about AONT and its historical context can be found on Wikipedia.

13 questions
6
votes
2 answers

Length-preserving all-or-nothing transform

Is there any known way to construct a length-preserving all-or-nothing transform? In other words, a secure all-or-nothing transform where the length of the output is the same as the length of the input. My thanks to @Ricky Demer for suggesting this…
D.W.
  • 36,982
  • 13
  • 107
  • 196
4
votes
2 answers

Making a cipher non-malleable using a plaintext transform?

NOTE: By malleable/non-malleable, I mean the ability/or not to change a byte/block of the ciphertext and have it change only that byte/block of the plaintext. I understand that we use authentication (via HMAC/UMAC/etc.) to verify integrity. However,…
Modal Nest
  • 1,473
  • 5
  • 18
3
votes
0 answers

Can you rely on the permutation of a ciphertext for secrecy?

Say you have a message and you run it through an all-or-nothing transform. A transform that requires every single block in the correct order in order to recover any data. Each block is indistinguishable from random noise. Now shuffle them using a…
Daffy
  • 2,429
  • 20
  • 29
3
votes
0 answers

All-or-nothing transform that doesn't increase message size?

All of the AON transforms I've read about involve generating a key, which increases the message by a few bytes. Is there an AON transform that preserves the message size while still having avalanche properties?
Daffy
  • 2,429
  • 20
  • 29
3
votes
1 answer

Is this an acceptable All-or-Nothing Transform?

I was thinking about AONTs, and designed the one below, I call it CHANT for Chained-Hash All-or-Nothing Transform; it's my very first shot at something of the sort, and was hoping I could get your opinions. Suppose you have a hash function $H$ of…
mpr
  • 255
  • 1
  • 5
2
votes
1 answer

Does using a block cipher in CBC mode *twice* result in an all-or-nothing transform (AONT)?

Use a block cipher in CBC mode with a public or all-0 key. Twice. Wrapping the last block into (xor) the first on the second round. Every block will depend on all previous and all successive blocks. Any corruption in any block will corrupt all the…
Arnold Snooli
  • 23
  • 3
1
vote
0 answers

Would a key recovery attack on ChaCha's keystream would be made more secure with an AONT?

To be clear I'm well aware that ChaCha doesn't need to be "improved". Also, I have no intentions or misguided ideas about trying to "improve" it. My question is hypothetical, and is inspired by the comments on this answer I am also aware that…
Modal Nest
  • 1,473
  • 5
  • 18
1
vote
2 answers

Can Reed Solomon parity blocks be used as an all-or-nothing transform?

Consider the following scheme: Perform an (N,N) Reed-Solomon encoding (i.e. N data blocks, N parity blocks) Drop the N data blocks and keep only the N parity blocks. Are these N parity blocks an all-or-nothing transform? (meaning missing even one…
stefanix
  • 317
  • 1
  • 7
1
vote
1 answer

OAEP security with variable length hash function

I'm implementing a hobby cryptosystem for fun and to increase my knowledge on the subject, and I was wondering if the OAEP construct was still sufficient as an all-or-nothing-transform if variable length hash functions (specifically SHAKE256) are…
ThePlasmaRailgun
  • 189
  • 6
0
votes
0 answers

Storing secrets on a peer-to-peer network by splitting up AONT data

I've come up with a way to transform a stream of bytes such that if any single bit is modified, it cannot be transformed back into its original state. Here's how it works: Encoding Get hash of entire file (call it hash A) XOR file using repeat…
HizkiFW
  • 1
  • 2
0
votes
0 answers

Is there a public-key, "deal-less", all-or-nothing, "secret-length message" cryptosystem or some easy way to derive it?

I want to make an ecryption algorithm that is secure in, well, really many ways, which is hard I see, so I came up with some ideas of how to implement it using some primitives that I know and I actually discovered some online that resemble it, but I…
cnikbesku
  • 125
  • 5
0
votes
0 answers

Simple scheme to publish data with a private key

The goal is for Alice to send an encrypted message to Bob. Neither Bob nor anyone else should be able to decode the message. Alice should be be able to decode it, when all data is shown to her. However, Alice cannot store anything related to the…
CaptainCodeman
  • 101
-2
votes
1 answer

Increasing the brute force search time by repeatedly using an an all-or-nothing transform as padding

I'll explain some extra steps I'd like add to the example given in this document, to further slow down each brute force key attempt, and then you guys can tell me why it wouldn't work. As an example, if I send you a eight-megabyte message…
daniel
  • 912
  • 5
  • 15